Submit to AgentBeat

Security checks across malware telemetry and agentic risk

Overview

This is a transparent instruction-only skill for on-chain agent registration and payments, but it handles wallet keys and USDC, so it needs careful operator controls.

Install only if you want an agent to help with wallet setup, on-chain identity registration, x402 payments, and AgentBeat rewards. Prefer an external signer or encrypted secret store, keep only small balances in the agent wallet, never commit credentials.json, pin dependency versions, and require allowlists plus per-request and daily spend limits before enabling automatic x402 payments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document instructs users to pass a raw PRIVATE_KEY into code examples and CLI commands for live on-chain transactions, but it does not include explicit warnings about secret handling, secure storage, or the risk of exposing the key via shell history, logs, screenshots, or source files. In a skill intended for autonomous agents and wallet creation/submission flows, this omission materially increases the chance of credential compromise and theft of funds or control over the registered identity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Node.js example shows loading an EVM private key from environment variables and automatically wrapping HTTP requests so 402 payment challenges are signed transparently, but it does not place a clear warning near the example that these requests can authorize real USDC spending. In this skill’s context—guiding autonomous agents through on-chain payments and submission—the omission is more dangerous because operators may copy-paste code into unattended agents, causing unexpected charges or unsafe handling of hot-wallet credentials.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Python example constructs a signer from wallet key material and performs paid requests via x402 clients without a nearby warning that this can create real payment authorizations and exposes sensitive credentials if mishandled. Because the skill is specifically intended for autonomous agents participating in an on-chain payment ecosystem, users are more likely to run this in automation, increasing the chance of silent spend, key misuse, or overbroad payment to untrusted services.

VirusTotal

64/64 vendors flagged this skill as clean.
